Create rule S4423[cloudformation]: Add AWS API Gateway Domain Name (#472)

* Improve description * Add cloudformation to rule S4423 * Add code samples * Update rules/S4423/description.adoc Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com> * Update rules/S4423/cloudformation/rule.adoc Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com> * Add API Gateway v2 * Add highlight * Remove dots * Add code sample introduction Co-authored-by: Hendrik Buchwald <hendrik.buchwald@sonarsource.com> Co-authored-by: hendrik-buchwald-sonarsource <hendrik-buchwald-sonarsource@users.noreply.github.com> Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com> Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com> Co-authored-by: Nils Werner <64034005+nils-werner-sonarsource@users.noreply.github.com>
2021-11-08 12:24:40 +00:00 · 2021-11-08 12:24:40 +00:00 · 4b0f35f1e5
commit 4b0f35f1e5
parent 0bc781d70d
3 changed files with 80 additions and 0 deletions
--- a/rules/S4423/cloudformation/highlighting.adoc
+++ b/rules/S4423/cloudformation/highlighting.adoc
@ -0,0 +1,13 @@
+=== Highlighting
+
+For `AWS::ApiGateway::DomainName`:
+
+ * Highlight `SecurityPolicy` if it is specified but has the wrong value
+ * Highlight resource if `SecurityPolicy` is not specified at all
+
+For `AWS::ApiGatewayV2::DomainName`:
+
+ * Highlight `SecurityPolicy` if it is specified but has the wrong value
+ * Highlight `DomainNameConfigurations` if it exists but `SecurityPolicy` is not specified
+ * Highlight resource if `DomainNameConfigurations` does not exist
+
--- a/rules/S4423/cloudformation/metadata.json
+++ b/rules/S4423/cloudformation/metadata.json
@ -0,0 +1,2 @@
+{
+}
--- a/rules/S4423/cloudformation/rule.adoc
+++ b/rules/S4423/cloudformation/rule.adoc
@ -0,0 +1,65 @@
+include::../rule.adoc[]
+
+== Noncompliant Code Example
+
+For https://aws.amazon.com/api-gateway/[Amazon API Gateway]:
+
+----
+AWSTemplateFormatVersion: '2010-09-09'
+Resources:
+  CustomApi:
+    Type: AWS::ApiGateway::DomainName
+    Properties:
+      SecurityPolicy: "TLS_1_0"  # Noncompliant
+----
+
+----
+AWSTemplateFormatVersion: '2010-09-09'
+Resources:
+  CustomApi: # Noncompliant
+    Type: AWS::ApiGatewayV2::DomainName
+----
+
+== Compliant Solution
+
+For https://aws.amazon.com/api-gateway/[Amazon API Gateway]:
+
+----
+AWSTemplateFormatVersion: '2010-09-09'
+Resources:
+  CustomApi:
+    Type: AWS::ApiGateway::DomainName
+    Properties:
+      SecurityPolicy: "TLS_1_2"
+----
+
+----
+AWSTemplateFormatVersion: '2010-09-09'
+Resources:
+  CustomApi:
+    Type: AWS::ApiGatewayV2::DomainName
+    Properties:
+      DomainNameConfigurations:
+        SecurityPolicy: "TLS_1_2"
+----
+
+include::../see.adoc[]
+* https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-custom-domain-tls-version.html[Amazon API Gateway] - Choosing a minimum TLS version
+
+
+ifdef::env-github,rspecator-view[]
+
+'''
+== Implementation Specification
+(visible only on this page)
+
+include::../message.adoc[]
+
+include::highlighting.adoc[]
+
+'''
+== Comments And Links
+(visible only on this page)
+
+include::../comments-and-links.adoc[]
+endif::env-github,rspecator-view[]